
feat: deploy shynet

pull/2/head
Karan Sharma 8 months ago
parent
commit
51db73ad42
  1. 4
      hydra/terraform/env.sample
  2. 10
      hydra/terraform/main.tf
  3. 0
      hydra/terraform/modules/caddy/conf/Caddyfile-internal.tpl
  4. 8
      hydra/terraform/modules/caddy/conf/Caddyfile-public.tpl
  5. 62
      hydra/terraform/modules/caddy/conf/caddy.nomad.tpl
  6. 11
      hydra/terraform/modules/caddy/data.tf
  7. 3
      hydra/terraform/modules/caddy/job.tf
  8. 12
      hydra/terraform/modules/cloudflare/records.tf
  9. 2
      hydra/terraform/modules/pihole/conf/pihole.nomad
  10. 99
      hydra/terraform/modules/shynet/conf/shynet.nomad.tpl
  11. 9
      hydra/terraform/modules/shynet/job.tf
  12. 7
      hydra/terraform/modules/shynet/variables.tf
  13. 10
      hydra/terraform/variables.tf

4
hydra/terraform/env.sample

@ -1,3 +1,5 @@
DIGITALOCEAN_TOKEN=
CLOUDFLARE_API_TOKEN=
TF_VAR_cloudflare_caddy_api_token=
TF_VAR_cloudflare_caddy_api_token=
TF_VAR_shynet_postgresql_password=
TF_VAR_shynet_django_secret_key=

10
hydra/terraform/main.tf

@ -27,3 +27,13 @@ module "pihole" {
nomad = nomad
}
}
module "shynet" {
source = "./modules/shynet"
shynet_postgresql_password = var.shynet_postgresql_password
shynet_django_secret_key = var.shynet_django_secret_key
providers = {
nomad = nomad
}
}

0
hydra/terraform/modules/caddy/conf/Caddyfile.tpl → hydra/terraform/modules/caddy/conf/Caddyfile-internal.tpl

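--- a/hydra/terraform/modules/caddy/conf/Caddyfile-public.tpl
+++ b/hydra/terraform/modules/caddy/conf/Caddyfile-public.tpl
@@ -0,0 +1,8 @@
+shynet.mrkaran.dev {
+{{ range service "shynet-web" }}
+reverse_proxy {{ .Address }}:{{ .Port }}
+{{ end }}
+tls {
+dns cloudflare "${cloudflare_api_token}"
+}
+}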
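Review bot: The Cloudflare API token is rendered verbatim into the Caddyfile by `dns cloudflare "${cloudflare_api_token}"`, so it ends up in the template_file output, in the jobspec heredoc and on disk in the rendered `configs/Caddyfile` inside the task directory. Caddy can read it from the environment instead with `dns cloudflare {env.CLOUDFLARE_API_TOKEN}`, with the token supplied through the task's `env` block; that keeps it out of the rendered Caddyfile and the template data source, although it still lives in the jobspec and in Terraform state. The renamed internal Caddyfile presumably uses the same pattern, which this commit does not change. Separately, when `shynet-web` has no registered instance the `range` emits nothing and the site block has no `reverse_proxy` at all, so Caddy answers with empty responses rather than an upstream error; a comment saying whether that is intended would help.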

62
hydra/terraform/modules/caddy/conf/caddy.nomad.tpl

@ -4,26 +4,26 @@ job "caddy" {
group "proxy" {
count = 1
network {
port "http" {
port "http-internal" {
static = 80
to = 80
host_network = "tailscale"
}
port "https" {
port "https-internal" {
static = 443
to = 443
host_network = "tailscale"
}
}
service {
name = "caddy-http"
tags = ["caddy", "http"]
port = "http"
}
service {
name = "caddy-https"
tags = ["caddy", "https"]
port = "https"
port "https-public" {
static = 80
to = 80
# host_network = "public"
}
port "http-public" {
static = 443
to = 443
# host_network = "public"
}
}
restart {
attempts = 2
@ -31,7 +31,39 @@ job "caddy" {
delay = "30s"
mode = "fail"
}
task "app" {
task "internal" {
driver = "docker"
config {
image = "mrkaran/caddy:latest"
# Bind the config file to container.
mount {
type = "bind"
source = "configs"
target = "/etc/caddy" # Bind mount the template from `NOMAD_TASK_DIR`.
}
# Bind the data directory to preserve certs.
mount {
type = "bind"
target = "/data"
source = "/data/caddy"
readonly = false
}
ports = ["http-internal", "https-internal"]
}
resources {
cpu = 100
memory = 100
}
template {
data = <<EOF
${caddyfile_internal}
EOF
destination = "configs/Caddyfile" # Rendered template.
# Caddy doesn't support reload via signals as of
change_mode = "restart"
}
}
task "public" {
driver = "docker"
config {
image = "mrkaran/caddy:latest"
@ -48,7 +80,7 @@ job "caddy" {
source = "/data/caddy"
readonly = false
}
ports = ["http", "https"]
ports = ["http-public", "https-public"]
}
resources {
cpu = 100
@ -56,7 +88,7 @@ job "caddy" {
}
template {
data = <<EOF
${caddyfile}
${caddyfile_public}
EOF
destination = "configs/Caddyfile" # Rendered template.
# Caddy doesn't support reload via signals as of
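Review bot: The new public port labels are swapped: the `port "https-public"` block is given `static = 80` and the `port "http-public"` block `static = 443`, so the public task's `ports = ["http-public", "https-public"]` and anything else keyed on the label will pair the wrong name with the wrong port. Change the two headers to `port "http-public" {` for the 80 block and `port "https-public" {` for the 443 block. With `host_network = "public"` commented out on both, these static ports bind on whatever the client's default network is, which I cannot confirm from here; a comment stating the intended interface (and why the internal ports use `tailscale` while these do not) would make the exposure explicit. Both tasks also bind-mount the same `/data/caddy` source, so two Caddy instances share one certificate store; Caddy's storage locking should cope, but a `# shared with task "internal"` comment on the public task's mount would record that this is deliberate.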

11
hydra/terraform/modules/caddy/data.tf

@ -1,6 +1,13 @@
data "template_file" "caddyfile" {
template = file("${path.module}/conf/Caddyfile.tpl")
data "template_file" "caddyfile-internal" {
template = file("${path.module}/conf/Caddyfile-internal.tpl")
vars = {
cloudflare_api_token = var.cloudflare_api_token
}
}
data "template_file" "caddyfile-public" {
template = file("${path.module}/conf/Caddyfile-public.tpl")
vars = {
cloudflare_api_token = var.cloudflare_api_token
}
}
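Review bot: Both `template_file` data sources exist only to feed the `templatefile()` call in job.tf, which already renders templates natively; `template_file` is the deprecated hashicorp/template provider path, and its `rendered` attribute keeps a second copy of each Caddyfile, Cloudflare token included, in state as a data-source output in addition to the copy inside the jobspec. Replacing them in job.tf with `caddyfile_internal = templatefile("${path.module}/conf/Caddyfile-internal.tpl", { cloudflare_api_token = var.cloudflare_api_token })` and the equivalent line for the public file drops the provider dependency and the duplicate copy; the job.tf hunk that would change is the next section.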

3
hydra/terraform/modules/caddy/job.tf

@ -1,6 +1,7 @@
resource "nomad_job" "app" {
jobspec = templatefile("${path.module}/conf/caddy.nomad.tpl", {
caddyfile = data.template_file.caddyfile.rendered
caddyfile_internal = data.template_file.caddyfile-internal.rendered
caddyfile_public = data.template_file.caddyfile-public.rendered
})
hcl2 {
enabled = true

12
hydra/terraform/modules/cloudflare/records.tf

@ -57,3 +57,15 @@ resource "cloudflare_record" "pihole" {
value = var.ips["floyd_tailscale"]
}
resource "cloudflare_record" "shynet" {
zone_id = cloudflare_zone.mrkaran_dev.id
name = "shynet"
type = "A"
ttl = "1"
proxied = "true"
# TODO: shift to floating IP
value = "68.183.87.4"
}
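Review bot: The new record hard-codes `value = "68.183.87.4"` while the neighbouring pihole record reads its address from `var.ips[...]`; keeping the host's public address in that map, e.g. `value = var.ips["<floyd_public>"]` (placeholder key), keeps addresses in one place and makes the `TODO: shift to floating IP` a one-line change. With `proxied = "true"` the hostname resolves to Cloudflare, but the origin still answers directly on that address as long as Caddy's public ports are bound on it, so proxying on its own does not hide or protect the origin; a short comment recording that expectation next to the TODO would help.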

2
hydra/terraform/modules/pihole/conf/pihole.nomad

@ -21,7 +21,7 @@ job "pihole" {
service {
name = "pihole-admin"
tags = ["pihole", "admin"]
port = "http" # Terminate SSL at Caddy.
port = "http"
}
restart {
attempts = 2

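--- a/hydra/terraform/modules/shynet/conf/shynet.nomad.tpl
+++ b/hydra/terraform/modules/shynet/conf/shynet.nomad.tpl
@@ -0,0 +1,99 @@
+job "shynet" {
+datacenters = ["hydra"]
+type = "service"
+group "app" {
+count = 1
+network {
+port "http" {
+to = 8080
+}
+port "db" {
+to = 5432
+host_network = "tailscale"
+}
+}
+restart {
+attempts = 2
+interval = "2m"
+delay = "30s"
+mode = "fail"
+}
+task "web" {
+driver = "docker"
+service {
+name = "shynet-web"
+tags = ["shynet", "web"]
+port = "http"
+}
+config {
+image = "milesmcc/shynet:0.7.3"
+# Bind the data directory to preserve config.
+mount {
+type = "bind"
+target = "/config"
+source = "/data/shynet/app/"
+readonly = false
+}
+ports = ["http"]
+}
+env {
+DB_NAME = "shynet"
+DB_PORT = 5432
+DB_USER = "shynet"
+DB_PASSWORD = shynet_postgresql_password
+DJANGO_SECRET_KEY = shynet_django_secret_key
+TIME_ZONE = "Asia/Kolkata"
+ACCOUNT_SIGNUPS_ENABLED = "False"
+SCRIPT_USE_HTTPS = "True"
+SHOW_SHYNET_VERSION = "True"
+PERFORM_CHECKS_AND_SETUP = "True"
+PORT = 8080
+ONLY_SUPERUSERS_CREATE = "True"
+}
+template {
+data = <<EOH
+{{- with service "shynet-db" }}
+{{- with index . 0 }}
+DB_HOST="{{.Address}}"
+DB_PORT="{{.Port}}"
+{{- end }}
+{{ end }}
+EOH
+destination = "secrets/file.env"
+env = true
+}
+resources {
+cpu = 200
+memory = 100
+}
+}
+task "db" {
+driver = "docker"
+service {
+name = "shynet-db"
+tags = ["shynet", "db"]
+port = "db"
+}
+config {
+image = "postgres:13"
+# Bind the data directory to preserve config.
+mount {
+type = "bind"
+target = "/var/lib/postgresql/data"
+source = "/data/shynet/db/"
+readonly = false
+}
+ports = ["db"]
+}
+env {
+POSTGRES_DB = "shynet"
+POSTGRES_USER = "shynet"
+POSTGRES_PASSWORD = shynet_postgresql_password
+}
+# resources {
+# cpu = 200
+# memory = 200
+# }
+}
+}
+}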
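Review bot: `DB_PASSWORD = shynet_postgresql_password`, `DJANGO_SECRET_KEY = shynet_django_secret_key` and `POSTGRES_PASSWORD = shynet_postgresql_password` are bare identifiers, not `${...}` expressions, so `templatefile()` leaves them untouched and the HCL2 jobspec reaches Nomad with unresolved references instead of the values; the caddy template in this same commit uses `${caddyfile_internal}`, so these should be `DB_PASSWORD = "${shynet_postgresql_password}"`, `DJANGO_SECRET_KEY = "${shynet_django_secret_key}"` and `POSTGRES_PASSWORD = "${shynet_postgresql_password}"`. Once substituted, both secrets sit in plaintext in the rendered jobspec, which is stored in Terraform state and readable by anyone allowed to inspect the job; a comment above the `env` block such as `# NOTE: secrets are interpolated into the jobspec and are visible in Terraform state and to anyone who can read the job.` makes that trade-off explicit for the next reader. `port "http"` has no `host_network`, unlike `db`, so the web port is presumably bound on the client's default network and reachable without going through Caddy; if that is not intended, give it `host_network = "tailscale"` as well, which I cannot confirm from the client config here. The web task also sets `DB_PORT = 5432` in `env` while the template writes `DB_PORT="{{.Port}}"` with the dynamically allocated host port; the two disagree, so drop the `env` line and let the discovered port win.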

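--- a/hydra/terraform/modules/shynet/job.tf
+++ b/hydra/terraform/modules/shynet/job.tf
@@ -0,0 +1,9 @@
+resource "nomad_job" "app" {
+jobspec = templatefile("${path.module}/conf/shynet.nomad.tpl", {
+shynet_django_secret_key = var.shynet_django_secret_key,
+shynet_postgresql_password = var.shynet_postgresql_password
+})
+hcl2 {
+enabled = true
+}
+}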

7
hydra/terraform/modules/shynet/variables.tf

@ -0,0 +1,7 @@
variable "shynet_postgresql_password" {
type = string
}
variable "shynet_django_secret_key" {
type = string
}
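Review bot: Both variables carry the database password and the Django secret key but are declared as plain `type = string` with no `sensitive = true` and no `description`, so their values appear in plan output wherever they are used and a reader of the module has no indication they are secrets. Add `sensitive = true` to each (if the Terraform version in use supports it) and a one-line description such as `description = "Password for the shynet PostgreSQL server"`; the same applies to the two root-level declarations in `hydra/terraform/variables.tf` in this commit, which have descriptions but are not marked sensitive either.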

10
hydra/terraform/variables.tf

@ -10,3 +10,13 @@ variable "cloudflare_caddy_api_token" {
type = string
description = "API key to edit DNS zones in Cloudflare used by Caddy"
}
variable "shynet_postgresql_password" {
type = string
description = "Password for shynet PostgreSQL server"
}
variable "shynet_django_secret_key" {
type = string
description = "Django secret key generated for Shynet"
}
